Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed.

["Paul" <paul@xxxxxxxxxxxxxxx>]

I just wanted to say thanks to all the people who responded, I think we have
enough information to build a decent set of firewall rules to drop the incoming
packets at the access points.


Moving forward, I don't really understand why this information was so hard to 
get
in the first place, all of the A/V vendors make the virus client payload 
information
easily and freely accessible on their websites, why the detailed information on
the actuall attack the virus was designed was left out is beyond me. I 
understand
and sympathise that this would be conisdered extremely technical information, 
but
making it available as a subtext or in a linked analysis document shouldn't be 
to
hard.


thank you all
paul


> ------------Original Message------------
> From: "Paul" <paul@xxxxxxxxxxxxxxx>
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Date: Tue, Mar-30-2004 1:52 PM
> Subject: NetSky.q Virus. Looking for more detailed information on how the DOS 
> will be performed.
> 
> Hi, 
> 
> I work for one of the companies about to be hit with the dDOS attack 7-12 
> from the NetSky.Q virus. 
> http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@xxxxxxx
> 
> I am looking for more detailed information on exactly how the dDOS attack 
> will be performed, ports used, request
> type, packet size, etc. In hopes of getting enough information to work with 
> our providers for an adequate defense.
> 
> The online AV sites concentrate on the end user response (how to clean, what 
> it does to their PC etc).
> 
> 
> 
> Does anyone have this information?
> paul
> 
>